AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available at https://learn.microsoft.com/entra/msal/python/. Stable APIs are documented at https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with the tags "msal" + "python":
https://stackoverflow.com/questions/tagged/azure-ad-msal+python

[Feature Request] Support reading certificate from Windows certificate store #685

Open jiasli opened 2 months ago

jiasli commented 2 months ago

MSAL client type

Confidential

Problem Statement

Currently, authenticating a service principal with a certificate only supports a plain-text certificate string as private_key:

https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/52b1fc5a442ff5dd33f48ce717f1032c8002ea9e/msal/application.py#L213-L224

Proposed solution

It would be helpful to allow reading a certificate from the Windows certificate store.

rayluo commented 2 months ago

We would need to investigate how, and what kind of extra dependency it would bring (pywin32?).

FWIW, the managed identity support is coming. And I believe the path forward would be to stay away from secrets and even certs, and use federation by managed identity instead. See the last paragraph of the client_credential parameter for details.